Commit Graph

1401 Commits

Author SHA1 Message Date
Saied Kazemi 9212f68293 Some C/R bug fixes and changes in the new libcontainer and nsinit.
This is work in progress, integrating C/R support from
https://github.com/SaiedKazemi/docker/tree/cr into the
new libcontainer and nsinit.

Signed-off-by: Saied Kazemi <saied@google.com>
2015-05-20 15:17:59 -07:00
Michael Crosby 406f32a774 Set default criu binary
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-20 15:17:34 -07:00
Michael Crosby f15aba685b Update criu support with restored processes
Also use pipes for non tty so that the parent's tty of the nsinit
process does not leak into the container.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-20 15:17:34 -07:00
Michael Crosby da009f5710 Add nsinit support for checkpoint and restore
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-20 15:16:13 -07:00
Michael Crosby 6fec5923e3 Add Checkpoint and Restore methods to Container
Containers support checkpointing and restore via criu(8) for linux
containers.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-20 15:15:36 -07:00
Andrey Vagin 9ac1ad0fcf integration: don't ignore exit codes of test processes
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-05-21 00:01:45 +03:00
Michael Crosby a4a648ce30 Merge pull request #583 from jhowardmsft/master
Windows: Initial compilation enablement
2015-05-18 11:11:08 -07:00
Michael Crosby ef5240072a Merge pull request #562 from mrunalp/sys_prop_flag
Add a flag for specifying system properties.
2015-05-18 11:08:32 -07:00
Alexander Morozov ec538cae1a Merge pull request #542 from sayuan/fix-rand-mac
Set the seed when randMacAddr
2015-05-18 09:51:59 -07:00
Mrunal Patel b38cce017b Add a flag for specifying system properties.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-05-16 22:10:30 -04:00
Mrunal Patel 94e6c73a32 Merge pull request #596 from shurcooL/patch-1
Fix nsenter package on unsupported platforms.
2015-05-16 18:24:18 -07:00
Dmitri Shuralyov 22eb88ec49 Fix nsenter package on unsupported platforms.
Commit 4d1d6185ab added this nsenter_unsupported.go file in order for nsenter to be a valid (but empty, non-functional) Go package on unsupported platforms. However, on such platforms, Go still complains because there exists a .c file in this folder, but the package doesn't use cgo.
Fix that by importing "C" pseudo-package.

Signed-off-by: Dmitri Shuralyov <shurcooL@gmail.com>
2015-05-15 17:32:44 -07:00
John Howard c712fa0814 Windows: Initial compilation enablement
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-15 15:26:17 -07:00
Michael Crosby 7adbe0f728 Merge pull request #589 from Mashimiao/cgroup-systemd-add-freezer-set
cgroup: Add freeze Set When calls systemd to Apply
2015-05-15 10:23:38 -07:00
Michael Crosby fabd8e98be Merge pull request #582 from Mashimiao/add-cgroup-subsystem-net_cls
cgroups: add support for net_cls
2015-05-15 10:22:54 -07:00
Alexander Morozov 5562cadd49 Merge pull request #591 from hqhq/hq_add_kmemlimit
Add support for kmem limit
2015-05-15 08:45:19 -07:00
Victor Marmol 6dd5d073b3 Merge pull request #590 from hqhq/hq_fix_stacktrace_panic
Fix stacktrace panic
2015-05-15 08:37:21 -07:00
Qiang Huang 676be0c5f8 Add support for kmem limit
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-05-15 14:24:56 +08:00
Qiang Huang 12fd655de4 Fix stacktrace panic
According to https://golang.org/src/runtime/symtab.go?s=3423:3455#L94
It is possible that runtime.FuncForPC() returns nil, don't know how
but I did meet this problem when some kernel config problems cause
`p.createNetworkInterfaces` to return an error.

panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xb code=0x1 addr=0x0]

goroutine 74 [running]:
github_com_docker_libcontainer_stacktrace.NewFrame
        /go/src/github.com/docker/docker/vendor/src/github.com/docker/libcontainer/stacktrace/frame.go:12
github_com_docker_libcontainer_stacktrace.Capture
        /go/src/github.com/docker/docker/vendor/src/github.com/docker/libcontainer/stacktrace/capture.go:18
libcontainer.newSystemError
        /go/src/github.com/docker/docker/vendor/src/github.com/docker/libcontainer/generic_error.go:48
github_com_docker_libcontainer.start.pN42_github_com_docker_libcontainer.initProcess
        /go/src/github.com/docker/docker/vendor/src/github.com/docker/libcontainer/process_linux.go:177
github_com_docker_libcontainer.Start.pN45_github_com_docker_libcontainer.linuxContainer
        /go/src/github.com/docker/docker/vendor/src/github.com/docker/libcontainer/container_linux.go:102
github_com_docker_docker_daemon_execdriver_native.Run.pN56_github_com_docker_docker_daemon_execdriver_native.driver
        /go/src/github.com/docker/docker/.gopath/src/github.com/docker/docker/daemon/execdriver/native/driver.go:149
github_com_docker_docker_daemon.Run.pN38_github_com_docker_docker_daemon.Daemon
        /go/src/github.com/docker/docker/.gopath/src/github.com/docker/docker/daemon/daemon.go:1007
github_com_docker_docker_daemon.Start.pN48_github_com_docker_docker_daemon.containerMonitor
        /go/src/github.com/docker/docker/.gopath/src/github.com/docker/docker/daemon/monitor.go:138
promise.$nested0
        /go/src/github.com/docker/docker/.gopath/src/github.com/docker/docker/pkg/promise/promise.go:8
created by github_com_docker_docker_pkg_promise.Go
        /go/src/github.com/docker/docker/.gopath/src/github.com/docker/docker/pkg/promise/promise.go:7

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-05-15 13:09:46 +08:00
Ma Shimiao d095c66ba6 cgroup: add freeze Set When calls systemd to Apply
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-05-15 10:39:04 +08:00
Ma Shimiao b88944f9e0 cgroups: add support for net_cls
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-05-15 08:44:40 +08:00
Victor Marmol 64c5e5193f Merge pull request #584 from Mashimiao/add-cgroup-subsystem-net_prio
cgroup: add support for net_prio
2015-05-14 12:54:45 -07:00
Victor Marmol acd866fbf1 Merge pull request #587 from Mashimiao/cpu-add-rt-throtting
cgroup cpu: add support for realtime throttling
2015-05-14 10:34:03 -07:00
Ma Shimiao 3a788dd7f3 cgroup cpu: add support for realtime throttling
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-05-14 20:46:39 +08:00
Ma Shimiao 0810bc868c cgroup: add support for net_prio
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-05-14 14:47:07 +08:00
Victor Marmol a37b2a4f15 Merge pull request #476 from hqhq/hq_dont_fail_subsystem
don't fail when subsystem not mounted
2015-05-11 09:29:59 -07:00
Mrunal Patel 2a94c82423 Merge pull request #576 from crosbymichael/revert-sysmounts
Do not prevent mounts in /sys
2015-05-08 11:02:15 -07:00
Michael Crosby 02e6427ecf Do not prevent mounts in /sys
Mounts in /sys like /sys/fs/cgroup are valid and should be allowed at
the libcontainer level.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-08 10:47:51 -07:00
Mrunal Patel 3c659cb2ea Merge pull request #573 from LK4D4/update_gocap
Update github.com/syndtr/gocapability to 66ef2aa
2015-05-07 15:55:23 -07:00
Alexander Morozov 90f8aa670f Merge pull request #574 from crosbymichael/symlink-dev-secfix
Security fixes for docker 1.6.1
2015-05-07 14:48:17 -07:00
Michael Crosby 8ef205cd1c Update mnt command test path
You cannot use an abs path inside the container's rootfs.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:46:19 -07:00
Eric Windisch 364d8e1505 Disable all mounts in AppArmor profile
Allowing mounts in containers is dangerous. Bugs in
mount namespaces or quirks of the container configuration
could allow for various breakouts.

By default, processes in containers will not be able to mount anyway,
rendering the allowances in the default AppArmor profile nearly
useless. Manually created sub-containers were able to mount, but
were yet restricted from performing most of the mount flags indicated
in the profile.

Signed-off-by: Eric Windisch <eric@windisch.us>
2015-05-07 14:38:44 -07:00
Michael Crosby 2323c4c48d Use filepath.Rel for subdirectory comparison
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:38:44 -07:00
Michael Crosby c08e43409d Move reopenDevNull until after rootfs jail
We need to do this in case /dev/null is a symlink pointing somewhere
outside the container's rootfs.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:38:44 -07:00
Michael Crosby e3e7c47123 Prohibit bind mounts into /
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:38:44 -07:00
Michael Crosby 3c25c9b9cf Eval mount destination after each mount
User specified mounts must be evaluated after each mount because
symlinks in nested mounts can invalidate the next mount.

Also check that any bind mounts are not inside /proc or /sys to ensure
that we are able to mask over certain paths inside.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-05-07 14:38:44 -07:00
Alexander Morozov 68edb28e5a Update github.com/syndtr/gocapability to 66ef2aa
It adds a List function which allows getting a list of all supported caps

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-05-07 10:17:58 -07:00
Michael Crosby 08cf3beaf0 Merge pull request #572 from hqhq/hq_fix_spec
some fixes for SPEC
2015-05-06 11:00:51 -07:00
Mrunal Patel 654d44509d Merge pull request #570 from hqhq/hq_add_gitignore
add vendor/pkg to gitignore
2015-05-06 10:20:23 -07:00
Qiang Huang 8377168545 some fixes for SPEC
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-05-06 22:47:50 +08:00
Alexander Morozov f1d459dbbf Merge pull request #569 from hqhq/hq_change_logrus
Replace aliased imports of logrus
2015-05-06 07:45:40 -07:00
Qiang Huang 280dd66d0c add vendor/pkg to gitignore
It's auto generated by go install, we should ignore them.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-05-06 21:38:32 +08:00
Qiang Huang e5a7aad7eb Replace aliased imports of logrus
Docker already did this: https://github.com/docker/docker/issues/11762
libcontainer should also do it.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-05-06 21:14:04 +08:00
Mrunal Patel a1fe3f1c7a Merge pull request #560 from avagin/integration
integration: don't create a factory for each test case
2015-05-05 09:37:03 -07:00
Andrey Vagin 78f816d190 integration: don't create factories for each test case
We can do this only once.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-05-05 01:12:47 +03:00
Alexander Morozov 6607689b1d Merge pull request #566 from tianon/logrus-0.7.3
Update logrus to 0.7.3
2015-05-03 10:30:06 -07:00
Tianon Gravi d6a3a4e6c7 Update logrus to 0.7.3
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-05-03 00:24:36 -06:00
Alexander Morozov 83f0c1e580 Merge pull request #561 from avagin/logrus
Use logrus everywhere
2015-05-01 09:30:17 -07:00
Andrey Vagin 08af005e6b Use logrus everywhere
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-05-01 18:41:28 +03:00
Michael Crosby 3e661186ba Merge pull request #535 from mrunalp/sys_props
Adds support for setting system properties.
2015-04-30 11:46:33 -07:00